Archive

Just a quick post, as I received a call from a client saying that he had a message on his computer today “stating that his computer has a serious virus and then asked him to call 866-628-4936 or a UK number to remove the virus”, which was a voice speaking to him!

This is definitely a SCAM: “DO NOT CALL THE NUMBER”.

If you require any help or support with this problem, please don’t hesitate to contact us or visit our website: Remote computer repair.

It’s not uncommon for us to find shady websites that replicate the ones of the BBC, or Channel 5 News in an attempt to advertise fake work-from-home jobs. However, it’s somewhat unusual to find such sites that bring something extra, such as the Blackhole exploit kit and a nasty Trojan. More on this story at Softpedia

IT Solutions – Microsoft is telling Windows users that they’ll have to reinstall the operating system if they get infected with a new rootkit that hides in the machine’s boot sector.

A new variant of a Trojan Microsoft calls “Popureb” digs so deeply into the system that the only way to eradicate it is to return Windows to its out-of-the-box configuration, Chun Feng, an engineer with the Microsoft Malware Protection Center (MMPC), said last week on the group’s blog.

“If your system does get infected with Trojan:Win32/Popureb.E, we advise you to fix the MBR and then use a recovery CD to restore your system to a pre-infected state,” said Feng.

A recovery disc returns Windows to its factory settings.

Malware like Popureb overwrites the hard drive’s master boot record (MBR), the first sector — sector 0 — where code is stored to bootstrap the operating system after the computer’s BIOS does its start-up checks. Because it hides on the MBR, the rootkit is effectively invisible to both the operating system and security software.

According to Feng, Popureb detects write operations aimed at the MBR — operations designed to scrub the MBR or other disk sectors containing attack code — and then swaps out the write operation with a read operation.

Although the operation will seem to succeed, the new data is not actually written to the disk. In other words, the cleaning process will have failed.
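The practical consequence of the behaviour Feng describes is that a cleaning tool cannot trust the return value of its write call; the only reliable signal is to read the sector back and compare it with what was supposed to be written. The following is an added example written for this post (not code from Microsoft or the MMPC) showing that write-then-verify check over any seekable binary file object, which can be a raw block device or a disk image. `SilentDropDevice` is a constructed test double for a device whose writes are silently discarded; the boot-sector bytes and the "tampered" sector are likewise constructed sample data, not the real Popureb code.

```python
"""Write-then-verify check for a boot-sector restore (added example)."""
import hashlib
import io

SECTOR_SIZE = 512
MBR_SECTOR = 0  # sector 0 holds the master boot record


def sector_digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def write_sector_verified(dev, sector_index: int, payload: bytes) -> dict:
    """Write one 512-byte sector, then read it back and compare.

    'persisted' is False when the write call raised no error but the sector
    is unchanged, which is exactly the failure mode described in the text.
    """
    if len(payload) != SECTOR_SIZE:
        raise ValueError("payload must be exactly one sector")
    offset = sector_index * SECTOR_SIZE

    dev.seek(offset)
    before = dev.read(SECTOR_SIZE)

    dev.seek(offset)
    dev.write(payload)
    dev.flush()

    dev.seek(offset)
    after = dev.read(SECTOR_SIZE)  # never trust the write's return value

    return {
        "before": sector_digest(before),
        "expected": sector_digest(payload),
        "after": sector_digest(after),
        "persisted": after == payload,
    }


class SilentDropDevice(io.BytesIO):
    """Constructed simulation of a device whose writes are dropped.

    It reports the normal byte count so the caller sees no error. This is a
    test double for the verification logic, not malware code.
    """

    def write(self, b):
        return len(b)


def honest_device(image: bytes):
    """A device that behaves normally (an in-memory disk image)."""
    return io.BytesIO(image)


def build_image(sectors: int = 4) -> bytes:
    """Constructed disk image: sector 0 is a minimal boot sector ending in the
    standard 0x55AA signature; the remaining sectors are zeros."""
    boot = b"\xEB\x3C\x90" + b"\x00" * (SECTOR_SIZE - 5) + b"\x55\xAA"
    return boot + b"\x00" * (SECTOR_SIZE * (sectors - 1))


def clean_mbr(dev, known_good_mbr: bytes) -> bool:
    """Restore a known-good MBR and report whether it actually persisted."""
    return write_sector_verified(dev, MBR_SECTOR, known_good_mbr)["persisted"]


if __name__ == "__main__":
    good = build_image()[:SECTOR_SIZE]
    # constructed stand-in for an overwritten sector 0
    tampered = b"\x90" * (SECTOR_SIZE - 2) + b"\x55\xAA"
    image = tampered + b"\x00" * SECTOR_SIZE * 3

    print("normal device, MBR restored:", clean_mbr(honest_device(image), good))
    print("write-dropping device, MBR restored:", clean_mbr(SilentDropDevice(image), good))
```

On a real machine the same check would be run against the raw device from a clean boot environment, which is also why the post recommends a recovery CD: a read-back done from inside the infected OS passes through the same hooked path as the write.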

Security researchers from browsing security firm Trusteer warn that an older, but relatively obscure, piece of malware has been modified for financial fraud.

The trojan, which the firm dubs Sunspot, is currently detected by only 9 out of the 42 antivirus engines available on Virus Total.

Its infection rate is on par with that of SpyEye and ZeuS in some regions, and there have already been confirmed fraud losses associated with it.

Despite having existed for some time, this is a modern and very sophisticated piece of malware. It comes with all the features expected of a banking trojan.

This includes the ability to execute man-in-the-browser attacks such as web injections, page grabbing, key-logging and screenshot taking.

It can infect both 32 and 64-bit Windows installations and can hook into Internet Explorer and Mozilla Firefox, which makes it comparable to other financial fraud trojans.

Trusteer researchers were able to decrypt its configuration and found out that it received instructions to grab account balance figures, last login date and other information from a victim’s account, as well as ask them for additional financial and personal details.

There’s a new piece of malware making the rounds, one that could get more dangerous with time. It’s a Trojan called “OddJob,” and eastern European cybercriminals are using it to steal from online bank accounts. But according to Amit Klein, chief technology officer at security firm Trusteer, the way it’s hijacking account information is different than most other malware.

OddJob is designed to steal session ID tokens, which allows hackers to hijack a user’s online banking session in real-time rather than logging into the account at a later time. The tokens are issued by a bank to identify a user’s session, and by stealing the tokens and embedding them into their own browsers, hackers gain unfettered access to the victim’s account, even while the unknowing victim is still active.

“The malware essentially allows the fraudster to share the session with the victim so that any activity the victim can see, the fraudster can see as well,” Klein said.

After the user logs out, OddJob keeps the hacker logged in.

“The fraudster has a keen interest in the session not being terminated. So in order to avoid that, the malware has the ability to detect logout attempts and to discard them,” Klein added.

Klein also said he thinks OddJob is a work in progress and will only get more sophisticated in time.
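The two points Klein makes, that a stolen token is replayed from a second browser and that the victim's logout may never reach the server, are both things a bank's server side can defend against without relying on the client. The following is an added example written for this post (not code from Trusteer or from the article) modelling a session store that enforces an absolute session lifetime and an idle timeout, so a token dies whether or not a logout arrives, and that records which client each token is presented from and flags a session used from more than one client. Timestamps are passed in explicitly so the timeline is reproducible; the client fingerprint (source address plus User-Agent), the policy values and the addresses are all assumptions, not figures from the article.

```python
"""Server-side session controls against token theft and dropped logouts
(added example, not the bank's or Trusteer's code)."""
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

ABSOLUTE_LIFETIME_S = 15 * 60   # assumed policy value
IDLE_TIMEOUT_S = 5 * 60         # assumed policy value

Client = Tuple[str, str]        # (source address, User-Agent): assumed fingerprint


@dataclass
class Session:
    user: str
    created_at: float
    last_seen: float
    clients: Set[Client] = field(default_factory=set)
    flagged: bool = False


class SessionStore:
    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def create(self, user: str, now: float, client: Client) -> str:
        token = secrets.token_urlsafe(32)  # unguessable session id
        self._sessions[token] = Session(user, now, now, {client})
        return token

    def validate(self, token: str, now: float, client: Client) -> Optional[str]:
        """Return the user for a live session, or None.

        Lifetime checks happen first, so an attacker keeping the session busy
        defeats only the idle timeout, never the absolute lifetime. A token
        presented from a client other than the one that created it is flagged.
        """
        s = self._sessions.get(token)
        if s is None:
            return None
        if now - s.created_at > ABSOLUTE_LIFETIME_S or now - s.last_seen > IDLE_TIMEOUT_S:
            del self._sessions[token]
            return None
        if client not in s.clients:
            s.clients.add(client)
            s.flagged = True  # same token from a second browser: review or terminate
        s.last_seen = now
        return s.user

    def logout(self, token: str) -> bool:
        """Invalidate server-side; returns False if the token is already gone."""
        return self._sessions.pop(token, None) is not None

    def is_flagged(self, token: str) -> bool:
        s = self._sessions.get(token)
        return bool(s and s.flagged)


def stolen_token_scenario() -> dict:
    """Constructed timeline: victim logs in from browser A, the token is
    replayed from browser B, the victim's logout is discarded client-side,
    and the attacker keeps the session busy every 60 seconds."""
    store = SessionStore()
    victim = ("203.0.113.5", "Firefox/3.6")     # constructed
    attacker = ("198.51.100.9", "Firefox/3.6")  # constructed
    token = store.create("victim", 0.0, victim)

    out = {}
    out["victim_ok"] = store.validate(token, 10.0, victim) == "victim"
    out["flagged_before_replay"] = store.is_flagged(token)
    out["attacker_ok"] = store.validate(token, 20.0, attacker) == "victim"
    out["flagged_after_replay"] = store.is_flagged(token)

    # The victim's logout never reaches the server, so nothing is popped here.
    t, alive = 20.0, 0
    while t + 60 < ABSOLUTE_LIFETIME_S:
        t += 60
        if store.validate(token, t, attacker) == "victim":
            alive += 1
    out["kept_alive_hits"] = alive
    out["valid_after_absolute_lifetime"] = store.validate(token, ABSOLUTE_LIFETIME_S + 1, attacker)
    return out


if __name__ == "__main__":
    for k, v in stolen_token_scenario().items():
        print(f"{k}: {v}")
```

The design point is the ordering in `validate`: an idle timeout alone is useless against an attacker who is actively using the session, so the absolute lifetime is what bounds the window, and the client-conflict flag is what gives the fraud team something to act on before that window closes.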

A couple suspected of helping spread some of the Internet’s most aggressive computer viruses has been arrested in the English city of Manchester, police said Wednesday.

Scotland Yard’s electronic crimes unit said a man and a woman, both 20, were arrested Nov. 3 on suspicion of helping spread malicious Trojan computer programs sometimes known as “Zbot” or “ZeuS.”

Police said the viruses are thought to have infected tens of thousands of computers worldwide, and one technology consultant described them as the “most notorious pieces of malware of recent times.”

“This is one of the most frequent families of worms that we encounter,” said Graham Cluley, a technology consultant with the U.K. security firm Sophos PLC. “The ferocity with which it’s been spammed out on occasions has really hit our radar.”

Cluley said the Zbot family of viruses first came to his attention in 2007. Since then it has periodically swept across the Internet, stealing personal information from computers across the world and feeding it back to cyber-criminals. The viruses are commonly known as Trojans because they sneak onto computers and attack them from the inside, harvesting millions of lines of data — including banking information, credit card numbers and social networking passwords.

The viruses spread by sending e-mails or other messages from infected computers, impersonating banks, tax officials, credit card companies or even friends and enticing potential victims to click on a link.

Police said given the amount of information stolen “the potential financial gains to the culprits and losses to individuals and institutions are very substantial.”

Cluley said it was impossible to know just how much money had been lost to the viruses, adding that attacks were ongoing — including two in the past week alone.

It is not clear exactly what role the Manchester pair are suspected of playing in the viruses’ spread. Scotland Yard says the two have since been released on bail and declined to elaborate on their investigation.

Suspects in Britain are rarely identified unless they’ve been charged.